Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/8a684b-0375-40e5-b726-ce7985b56093/1/tvfgUvtcFUvHCqRkTLoiggshnsg.roa
File:                     tvfgUvtcFUvHCqRkTLoiggshnsg.roa (raw, json)
Hash identifier:          CVcf/QqkE4iTDeLHjhmSd+wFRY4VP2GWULVl2K/QuqY=
Subject key identifier:   B6:F7:E0:52:FB:5C:15:4B:C7:0A:A4:64:4C:BA:22:82:0B:21:9E:C8
Certificate issuer:       /CN=0d814a5f08fb47711d7160b027f996dfb612f045
Certificate serial:       018CC56EDF7C9804EB0078B8AD36275F5474
Authority key identifier: 0D:81:4A:5F:08:FB:47:71:1D:71:60:B0:27:F9:96:DF:B6:12:F0:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DYFKXwj7R3EdcWCwJ_mW37YS8EU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/8a684b-0375-40e5-b726-ce7985b56093/1/tvfgUvtcFUvHCqRkTLoiggshnsg.roa
Signing time:             Mon 01 Jan 2024 14:30:26 +0000
ROA not before:           Mon 01 Jan 2024 14:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35132
IP address blocks:        178.249.120.0/21 maxlen: 21
                          185.243.176.0/22 maxlen: 22
                          217.149.112.0/20 maxlen: 20
                          185.186.132.0/22 maxlen: 22
                          109.122.48.0/21 maxlen: 21
                          62.50.160.0/19 maxlen: 19
                          185.141.156.0/22 maxlen: 22
                          185.214.16.0/22 maxlen: 22
                          37.32.48.0/21 maxlen: 21
                          89.20.224.0/19 maxlen: 19
                          93.89.32.0/20 maxlen: 20
                          185.197.220.0/22 maxlen: 22
                          109.235.100.0/22 maxlen: 22
                          95.111.160.0/19 maxlen: 19
                          188.119.80.0/22 maxlen: 22
                          2a02:1660::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/8a684b-0375-40e5-b726-ce7985b56093/1/DYFKXwj7R3EdcWCwJ_mW37YS8EU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/8a684b-0375-40e5-b726-ce7985b56093/1/DYFKXwj7R3EdcWCwJ_mW37YS8EU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DYFKXwj7R3EdcWCwJ_mW37YS8EU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:df:7c:98:04:eb:00:78:b8:ad:36:27:5f:54:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d814a5f08fb47711d7160b027f996dfb612f045
        Validity
            Not Before: Jan  1 14:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6f7e052fb5c154bc70aa4644cba22820b219ec8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c3:52:a3:60:5a:79:13:e6:b2:f8:bd:1a:8c:
                    39:8b:ab:5e:c6:7e:92:be:bb:68:e3:89:3a:ff:33:
                    8a:47:5c:7a:b3:cb:ac:16:96:20:d1:c0:39:35:54:
                    ba:de:da:5a:bc:8c:58:bb:49:65:0b:9e:89:36:0c:
                    8e:cd:bd:9a:1e:b7:82:b6:c3:2f:91:14:91:3c:fd:
                    d0:36:5c:ab:4c:05:b4:d8:a4:e0:5c:c5:6b:21:09:
                    33:b7:e0:f5:14:14:17:79:47:eb:4a:8d:58:83:79:
                    70:e5:75:37:fc:65:d9:76:51:ea:d4:21:85:d8:91:
                    ea:50:67:57:a7:35:c5:19:23:0f:57:ae:a2:42:a0:
                    ca:c4:d9:d3:14:fa:3b:23:f8:47:b8:35:af:91:dc:
                    f5:9f:c6:20:9f:d8:75:6a:d7:cd:aa:72:84:2c:a7:
                    20:76:bb:c7:c6:9f:23:34:e5:bb:a1:7c:14:b2:68:
                    6c:1a:e2:b5:2f:11:15:86:56:df:f7:e1:57:b9:82:
                    9f:cf:f9:96:3a:c1:8c:d9:28:74:36:6d:0b:a7:ba:
                    21:57:12:a5:9d:ef:63:68:48:95:6b:11:02:31:ad:
                    2f:dd:d7:a3:e8:70:2a:81:6c:28:2a:89:0d:8d:ad:
                    ab:4e:ef:d0:7a:17:cb:53:b1:89:31:8e:f0:90:48:
                    67:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:F7:E0:52:FB:5C:15:4B:C7:0A:A4:64:4C:BA:22:82:0B:21:9E:C8
            X509v3 Authority Key Identifier:
                keyid:0D:81:4A:5F:08:FB:47:71:1D:71:60:B0:27:F9:96:DF:B6:12:F0:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DYFKXwj7R3EdcWCwJ_mW37YS8EU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/8a684b-0375-40e5-b726-ce7985b56093/1/tvfgUvtcFUvHCqRkTLoiggshnsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/8a684b-0375-40e5-b726-ce7985b56093/1/DYFKXwj7R3EdcWCwJ_mW37YS8EU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.48.0/21
                  62.50.160.0/19
                  89.20.224.0/19
                  93.89.32.0/20
                  95.111.160.0/19
                  109.122.48.0/21
                  109.235.100.0/22
                  178.249.120.0/21
                  185.141.156.0/22
                  185.186.132.0/22
                  185.197.220.0/22
                  185.214.16.0/22
                  185.243.176.0/22
                  188.119.80.0/22
                  217.149.112.0/20
                IPv6:
                  2a02:1660::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:86:d8:50:81:4b:d6:9a:d0:29:f0:5c:cd:1e:f5:e8:41:70:
         98:57:9e:85:1c:f7:a8:ca:ff:7d:c3:30:d1:1a:97:d8:4a:26:
         8c:05:66:28:fe:a1:0b:d8:80:57:f1:31:ab:3e:24:c3:c1:7d:
         fe:24:5e:c1:2e:52:c5:ea:70:12:4a:3e:ca:58:fb:d0:ad:72:
         80:1b:e9:d7:bf:39:ff:32:c2:bf:7f:32:4f:03:13:4a:c2:a2:
         a4:f5:e9:23:0c:9f:d9:e4:89:0e:6e:fb:62:8a:5a:68:7f:d3:
         26:03:0d:da:d0:96:ea:ab:a4:82:74:b6:7e:b2:46:85:74:2b:
         c5:95:ed:24:e8:0d:cb:d6:4a:04:e9:b6:de:d7:04:0f:28:b4:
         60:d3:3c:23:c2:c8:d5:7a:8b:84:11:7d:db:7c:f0:64:62:60:
         c7:dd:b4:70:f4:28:ca:7b:8a:fc:0d:88:a7:8f:ee:ca:eb:47:
         88:41:3f:24:fe:9e:bf:e7:bd:d0:de:04:2a:10:18:1b:45:e9:
         85:04:31:1f:84:14:e4:37:c7:61:42:5e:d9:fd:64:e6:4e:2b:
         50:b7:8d:03:4f:4d:54:5c:02:45:98:34:4e:30:07:00:3d:b4:
         0a:e6:41:72:ab:74:ef:f9:14:d8:0f:c2:c5:42:67:8b:c7:a5:
         df:17:85:3e
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAYzFbt98mATrAHi4rTYnX1R0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkODE0YTVmMDhmYjQ3NzExZDcxNjBiMDI3Zjk5NmRmYjYx
MmYwNDUwHhcNMjQwMTAxMTQzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmY3ZTA1MmZiNWMxNTRiYzcwYWE0NjQ0Y2JhMjI4MjBiMjE5ZWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMNSo2BaeRPmsvi9Gow5i6texn6S
vrto44k6/zOKR1x6s8usFpYg0cA5NVS63tpavIxYu0llC56JNgyOzb2aHreCtsMv
kRSRPP3QNlyrTAW02KTgXMVrIQkzt+D1FBQXeUfrSo1Yg3lw5XU3/GXZdlHq1CGF
2JHqUGdXpzXFGSMPV66iQqDKxNnTFPo7I/hHuDWvkdz1n8Ygn9h1atfNqnKELKcg
drvHxp8jNOW7oXwUsmhsGuK1LxEVhlbf9+FXuYKfz/mWOsGM2Sh0Nm0Lp7ohVxKl
ne9jaEiVaxECMa0v3dej6HAqgWwoKokNja2rTu/QehfLU7GJMY7wkEhnNwIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFLb34FL7XBVLxwqkZEy6IoILIZ7IMB8GA1UdIwQY
MBaAFA2BSl8I+0dxHXFgsCf5lt+2EvBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFlGS1h3ajdSM0VkY1dDd0pfbVczN1lTOEVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC84YTY4NGItMDM3NS00MGU1LWI3MjYt
Y2U3OTg1YjU2MDkzLzEvdHZmZ1V2dGNGVXZIQ3FSa1RMb2lnZ3NobnNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC84YTY4NGItMDM3NS00MGU1LWI3MjYtY2U3OTg1YjU2MDkz
LzEvRFlGS1h3ajdSM0VkY1dDd0pfbVczN1lTOEVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwYAQCAAEwWgMEAyUgMAME
BT4yoAMEBVkU4AMEBF1ZIAMEBV9voAMEA216MAMEAm3rZAMEA7L5eAMEArmNnAME
Arm6hAMEArnF3AMEArnWEAMEArnzsAMEArx3UAMEBNmVcDANBAIAAjAHAwUAKgIW
YDANBgkqhkiG9w0BAQsFAAOCAQEAfobYUIFL1prQKfBczR716EFwmFeehRz3qMr/
fcMw0RqX2EomjAVmKP6hC9iAV/Exqz4kw8F9/iRewS5SxepwEko+ylj70K1ygBvp
1785/zLCv38yTwMTSsKipPXpIwyf2eSJDm77YopaaH/TJgMN2tCW6qukgnS2frJG
hXQrxZXtJOgNy9ZKBOm23tcEDyi0YNM8I8LI1XqLhBF923zwZGJgx920cPQoynuK
/A2Ip4/uyutHiEE/JP6ev+e90N4EKhAYG0XphQQxH4QU5DfHYUJe2f1k5k4rULeN
A09NVFwCRZg0TjAHAD20CuZBcqt07/kU2A/CxUJni8el3xeFPg==
-----END CERTIFICATE-----
Generated at Sat Nov 23 16:19:26 2024 by rpki-client on console-fra.rpki-client.org